A similar issue to the one you bring up has recently gained attention as it applies to Facebook's tracking of user purchases -- privacy is guaranteed for their materials on the website, but apparently Facebook doesn't apply the same rules to XML feeds and other kinds of APIs, see this article for more.

From the article, I gather that other organizations (for a fee) are able associate their customers with Facebook accounts without the customer consent. To me this would also imply that Facebook has provided XML access to their Facebook user information which doesn't require authentication of the individual user. Or maybe I misunderstand? I don't see this as a violation by other organizations, but a lack of security and commitment to privacy on Facebook's part.

To put my own situation in similar context, the other organization would be the equivalent of Facebook, and our organization would be the equivalent of a house of family members sharing a single facebook account using automated tools. The data the other organization holds is not private from us, it is in fact the data we've already given it and we are only privy to our own data.